User's Remote shell (SSH) access

IIRC the problem was the underlying samba-tool: it does not provide an option to change the corresponding LDAP attribute, after user creation.

IMO that checkbox should be removed from that page, because “User U has a shell access to Machine M” depends on both U and M. As we support remote account providers we should also implement a method (GPOs?) to deploy permissions on individual machines, to enforce rules like:

  • User1 can ssh to Machine1 (file server)
  • User1 can’t ssh to Machine2 (firewall)
1 Like